What a large number of people fail to realise is that the GDPR applies to any person (natural or legal; a data controller and/or data processor) that holds personal data on a EU citizen or EU resident, regardless of where the data controller (or data processor) is. Obviously EU law can only be enforced in the EU but if you are a business then any funds in the EU that belong to the data controller can be frozen or used to pay court levied fines. Or if an infringing data controller travelled to the EU (or a country with an extradition treaty and similar criminal code) they could potentially be held if a court decides that the behaviour was criminal in nature (some EU jurisdictions are more strict than others).
The only way to completely avoid the GDPR is to not hold personal data of EU citizens or EU residents.
I was talking about in the context of the medium post / businesses which is what I was replying to. I don't think I have seen anyone complaining about household activities. A red herring.
Nitpick, but as far as I understand it, it's only EU residents (regardless of their citizenship). The specific text says "data subjects who are in the Union", and citizen never appears in it.
(This is for foreign businesses. EU businesses have to apply it to everyone, regardless of their location or citizenship.)
This means this should be applied to everyone because how do you check that someone is an EU resident? Should websites display a page requesting visitor to upload their residency certificate to be complaint?
The only way to completely avoid the GDPR is to not hold personal data of EU citizens or EU residents.